FTC Tightens Safeguards for Consumer Data After Major Breaches

The agency is revising the rules that financial institutions must follow

The Federal Trade Commission (FTC) has updated its Safeguards Rule following widespread data breaches involving consumers' personal and financial information. The move tightens the security standards financial institutions must follow.

Key Takeaways

  • The FTC has made an update to its Safeguards Rule, which dictates how financial institutions must secure the financial data of their customers.
  • The agency's chair and one commissioner provided a joint statement in support of the update, pointing to the 2017 Equifax data breach, among others, as the reason for the change.
  • The update includes specific criteria that financial institutions must meet to stay in compliance.

New Update to Provide More Security for Consumers

The FTC announced last week a new measure to better protect consumers against identity theft and financial losses that could arise from data breaches.

Data breaches occur when cybercriminals access data from a computer system without permission. Depending on the target, a breach can give identity thieves access to consumers' personal information, credit card details, account numbers, and other data that they can use to perpetrate other crimes or sell to other criminals.

In a joint statement, FTC Chair Lina M. Khan and Commissioner Rebecca Kelly Slaughter pointed to the Equifax data breach in 2017, which exposed the information of 147 million people, and other recent widespread data breaches as the reason for the updates.

The final rule provides more specific criteria for what safeguards financial institutions are required to implement to protect consumers' financial data. Examples include limiting who can access the data and using encryption to secure it.

Financial institutions will also be required to explain their information-sharing practices. That includes administrative, technical, and physical safeguards the institutions use to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle their customers' secure information.

Finally, financial institutions will be required to designate a single qualified individual to oversee their information security program. This individual must regularly report to a senior officer in charge of information security or to the organization's board of directors.

The FTC is seeking public comment on whether it should make additional changes to the Safeguards Rule, which also requires organizations to report certain data breaches and other security events to the agency. The public will have 60 days to submit comments.

